
Rootkits: What they are, and how to find them. Day 2 Part 1





More information and the class materials for this class and others are available at www.OpenSecurityTraining.info. It is strongly recommended to take the Introductory Intel x86, Intermediate Intel x86, and Life of Binaries classes before this class. To find the prerequisite class videos, click the OpenSecurityTraining.info tag.

Rootkits are a type of malware dedicated to hiding the attacker’s presence on a compromised system. This class will focus on understanding how rootkits work, and what tools can be used to help find them.

This will be a very hands-on class where we talk about specific techniques which rootkits use, and then do labs where we show how a proof-of-concept rootkit is able to hide things from a defender. Example techniques include:
• Trojaned binaries
• Inline hooks
• Import Address Table (IAT) hooking
• System Call Table/System Service Descriptor Table (SSDT) hooking
• Interrupt Descriptor Table (IDT) hooking
• Direct Kernel Object Manipulation (DKOM)
• Kernel Object Hooking (KOH)
• IO Request Packet (IRP) filtering
• Hiding files/processes/open ports
• Compromising the Master Boot Record (MBR) to install a “bootkit”

The class will help the student learn which tools to use to look for rootkits on Windows systems, how to evaluate the breadth of a tool’s detection capabilities, and how to interpret tool results.


Run time 53 minutes 16 seconds
Producer Xeno Kovah
Audio/Visual sound, color
